CVEs with nessus.description==The version of Apple iTunes installed on the remote Windows host is
older than 11.1.4. It is, therefore, potentially affected by several
issues :
- The included versions of WebKit, libxml, and libxslt
contain several errors that could lead to memory
corruption and possibly arbitrary code execution. The
vendor notes that one possible attack vector is a
man-in-the-middle attack while the application browses
the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841,
CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,
CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,
CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
- An error exists related to text tracks in movie files
that could allow denial of service or arbitrary code
execution. (CVE-2013-1024)
- An error exists related to the iTunes Tutorials window
that could allow an attacker in a privileged network
location to inject content. (CVE-2014-1242)